CVE-2014-8604

Xcloner - Information Disclosure

Title source: rule

Description

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/35212

View Code ZIP pw:eip

References (2)

[Exploit] http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/

[Exploit] http://www.vapid.dhs.org/advisory.php?v=110

Scores

EPSS 0.0840

EPSS Percentile 92.3%

Details

CWE

CWE-200

Status published

Products (2)

xcloner/xcloner 3.1.1

xcloner/xcloner 3.5.1

Published Jun 10, 2015

Tracked Since Feb 18, 2026